Make session cookie name customizable. (#256)

The new option is optional and defaults to
authelia_session.
Clément Michaud 2018-08-19 13:07:00 +02:00 committed by GitHub
parent 2b1807d32b
commit 0dd9a5f815
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 20 additions and 5 deletions


@ -173,6 +173,9 @@ access_control:
#
# The session cookies identify the user once logged in.
session:
# The name of the session cookie. (default: authelia_session).
name: authelia_session
# The secret to encrypt the session cookie.
secret: unsecure_session_secret


@ -39,6 +39,7 @@ describe("configuration/SessionConfigurationBuilder", function () {
},
port: 8080,
session: {
name: "authelia_session",
domain: "example.com",
expiration: 3600,
secret: "secret"
@ -73,6 +74,7 @@ describe("configuration/SessionConfigurationBuilder", function () {
const options = SessionConfigurationBuilder.build(configuration, deps);
const expectedOptions = {
name: "authelia_session",
secret: "secret",
resave: false,
saveUninitialized: true,
@ -118,6 +120,7 @@ describe("configuration/SessionConfigurationBuilder", function () {
},
port: 8080,
session: {
name: "authelia_session",
domain: "example.com",
expiration: 3600,
secret: "secret",
@ -165,6 +168,7 @@ describe("configuration/SessionConfigurationBuilder", function () {
secret: "secret",
resave: false,
saveUninitialized: true,
name: "authelia_session",
cookie: {
secure: true,
httpOnly: true,
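Review bot: Every fixture added in these hunks sets `name: "authelia_session"`, the same string `complete()` falls back to, so the `expectedOptions` comparisons would still pass if the builder ignored the configured value and hard-coded the default. Use a distinct value in at least one case, for example `name: "custom_session"` in both the input configuration and the expected options. The schema test further down has the same gap: it asserts only the default and never that a supplied name survives `complete()`; something like `Assert.equal(complete({ ...configuration, name: "custom" }).name, "custom");` would cover it. The `describe` bodies start and end outside these hunks.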


@ -7,6 +7,7 @@ export class SessionConfigurationBuilder {
static build(configuration: Configuration, deps: GlobalDependencies): ExpressSession.SessionOptions {
const sessionOptions: ExpressSession.SessionOptions = {
name: configuration.session.name,
secret: configuration.session.secret,
resave: false,
saveUninitialized: true,
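Review bot: `name: configuration.session.name` passes the field through unchanged, and `SessionConfiguration` declares it as `name?: string`, so it can be `undefined` here if `build` is ever reached with a configuration that was not run through `complete()`. express-session then falls back to its own default cookie name, `connect.sid`, instead of `authelia_session`, and nothing reports the difference. Either resolve the default at this point, `name: configuration.session.name || "authelia_session",`, or give the completed configuration a type in which `name` is required so the compiler enforces the ordering. The body of `build` continues outside the hunk.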


@ -9,6 +9,7 @@ describe("configuration/schema/SessionConfiguration", function() {
};
const newConfiguration = complete(configuration);
Assert.equal(newConfiguration.name, 'authelia_session');
Assert.equal(newConfiguration.expiration, 3600000);
Assert.equal(newConfiguration.inactivity, undefined);
});


@ -4,6 +4,7 @@ export interface SessionRedisOptions {
}
export interface SessionConfiguration {
name?: string;
domain: string;
secret: string;
expiration?: number;
@ -14,6 +15,10 @@ export interface SessionConfiguration {
export function complete(configuration: SessionConfiguration): SessionConfiguration {
const newConfiguration: SessionConfiguration = (configuration) ? JSON.parse(JSON.stringify(configuration)) : {};
if (!newConfiguration.name) {
newConfiguration.name = "authelia_session";
}
if (!newConfiguration.expiration) {
newConfiguration.expiration = 3600000; // 1 hour
}
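Review bot: The new `if (!newConfiguration.name)` branch fills in the default but accepts any other value, and that value becomes the session cookie name on every response. A name containing a space, `;` or `=` is not a valid cookie token; as far as I know the cookie serializer used by express-session rejects such names only when it writes the Set-Cookie header, so a bad value would surface as request-time failures rather than at startup. Unless schema validation elsewhere already constrains the field, reject it here, e.g. `if (!/^[A-Za-z0-9_.-]+$/.test(newConfiguration.name)) throw new Error("session.name is not a valid cookie name");`. `complete` continues past the end of the hunk.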


@ -1,4 +1,4 @@
Feature: User and groups headers are correctly forwarded to backend
Feature: Headers are correctly forwarded to backend
@need-authenticated-user-john
Scenario: Custom-Forwarded-User and Custom-Forwarded-Groups are correctly forwarded to protected backend
When I visit "https://public.example.com:8080/headers"


@ -2,7 +2,8 @@ import {Then} from "cucumber";
import seleniumWebdriver = require("selenium-webdriver");
import CustomWorld = require("../support/world");
import Util = require("util");
import BluebirdPromise = require("bluebird");
import Bluebird = require("bluebird");
import Request = require("request-promise");
Then("I see header {string} set to {string}",
{ timeout: 5000 },
@ -11,8 +12,8 @@ Then("I see header {string} set to {string}",
.then(function (txt: string) {
const expectedLine = Util.format("\"%s\": \"%s\"", expectedHeaderName, expectedValue);
if (txt.indexOf(expectedLine) > 0)
return BluebirdPromise.resolve();
return Bluebird.resolve();
else
return BluebirdPromise.reject(new Error(Util.format("No such header or with unexpected value.")));
return Bluebird.reject(new Error(Util.format("No such header or with unexpected value.")));
});
})
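Review bot: `import Request = require("request-promise");` is added at the top of this file, but neither hunk uses `Request`; since the import is new in this commit, any use would have to appear among the added lines. Drop it, or add it in the step file that actually issues requests. Separately, the unchanged check `txt.indexOf(expectedLine) > 0` treats a match at offset 0 as a miss; `>= 0` states the intent exactly.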